Azure AD / Entra group provisioning and members

Nicolas Ch 40 Reputation points

Hi community, I'm using Entra SSO and user provisioning with a couple of applications successfully. But I keep encountering an issue with group provisioning: I can provision them from Azure to the applications (Google Workspace and Egnyte for example), but the members are never updated even though they're part of the attribute mapping. I get no error; it's just like the members attribute mapping is ignored. I've tested with mail-enabled groups and M365 groups containing users with mailboxes but still no luck.

Did anyone encounter (and eventually solve) a similar issue?

Thank you in advance for your help and suggestions.

Sorry if it's not detailed enough, I'll be happy to provide more details.

Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.

Accepted answer
  1. Carlos Solís Salazar 15,171 Reputation points

    Hi there, thank you for reaching out about your issue with group provisioning in Entra SSO. I understand that you have been successful in user provisioning to applications like Google Workspace and Egnyte, but are facing challenges with group members not being updated despite being part of the attribute mapping. You've mentioned that there are no errors, and it seems like the members' attribute mapping is being ignored.

    Here are some steps and considerations that might help in resolving this issue:

    1. Attribute Mapping Review: Ensure that the attribute mapping for group members is correctly configured in Azure AD. It's crucial to make sure that the relevant attributes are mapped in a way that the target applications can interpret them correctly.
    2. Group Synchronization in Azure AD: Check that the groups in Azure AD are up to date and that synchronization is functioning correctly. Sometimes, incomplete synchronization or a glitch can cause issues in the provisioning of group members.
    3. Group Types: As you've mentioned trying with mail-enabled groups and M365 groups, it's important to review whether the target applications support these types of groups and how they handle group membership.
    4. Logs and Diagnostics: Review the logs from Azure AD and the target applications for any errors or warnings that might be related to group provisioning. This can provide clues as to what might be going wrong.
    5. Target Applications Configuration: Verify the configurations in Google Workspace and Egnyte to ensure they are set up to accept and process group and member information from Azure AD.
    6. Support from Microsoft and Application Providers: If the issue persists after these checks, it might be helpful to contact support from Microsoft and the specific applications (Google Workspace and Egnyte) for more detailed assistance.

    Regarding the links you've provided, it appears they are attachments from Microsoft Learn, and I can't access them directly. If there's specific information in those documents that you think might be relevant, feel free to share it here.

    If you need more information or assistance, I’m here to help! And remember to accept the answer if it helped you.
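
As an added example (not part of the original question or answer), one way to act on the "Logs and Diagnostics" step when the service reports no errors: scan exported provisioning log records for groups that were provisioned successfully but never had a membership change logged. The sample records are constructed; the field names follow the Microsoft Graph `provisioningObjectSummary` shape, and the logged property name `members` is an assumption taken from the attribute mapping described in the question.

```python
# Constructed sample records (not real tenant data). Field names follow the
# Microsoft Graph provisioningObjectSummary shape; "members" as the logged
# property name is an assumption based on the mapping described in the question.
SAMPLE_LOGS = [
    {"sourceIdentity": {"displayName": "Finance", "identityType": "Group"},
     "provisioningStatusInfo": {"status": "success"},
     "modifiedProperties": [{"displayName": "displayName", "newValue": "Finance"}]},
    {"sourceIdentity": {"displayName": "Engineering", "identityType": "Group"},
     "provisioningStatusInfo": {"status": "success"},
     "modifiedProperties": [{"displayName": "members", "newValue": "alice@example.com"}]},
    {"sourceIdentity": {"displayName": "Sales", "identityType": "Group"},
     "provisioningStatusInfo": {"status": "skipped"},
     "modifiedProperties": []},
    {"sourceIdentity": {"displayName": "alice@example.com", "identityType": "User"},
     "provisioningStatusInfo": {"status": "success"},
     "modifiedProperties": [{"displayName": "userName", "newValue": "alice@example.com"}]},
]


def group_member_report(records, member_attr="members"):
    """Summarise group events: count, statuses seen, and whether the
    membership attribute ever appeared among the modified properties."""
    report = {}
    for rec in records:
        src = rec.get("sourceIdentity") or {}
        if (src.get("identityType") or "").lower() != "group":
            continue  # user events are out of scope here
        name = src.get("displayName") or src.get("id") or "<unknown>"
        entry = report.setdefault(
            name, {"events": 0, "statuses": set(), "members_changed": False})
        entry["events"] += 1
        entry["statuses"].add(
            (rec.get("provisioningStatusInfo") or {}).get("status", "unknown"))
        for prop in rec.get("modifiedProperties") or []:
            if (prop.get("displayName") or "").lower() == member_attr.lower():
                entry["members_changed"] = True
    return report


def silent_member_gaps(records):
    """Groups reported as successfully provisioned with no membership change."""
    return sorted(name for name, e in group_member_report(records).items()
                  if "success" in e["statuses"] and not e["members_changed"])


if __name__ == "__main__":
    print("Groups with no membership change logged:", silent_member_gaps(SAMPLE_LOGS))
```

A group listed here is only a candidate: compare it against its membership in Entra, since a group that is genuinely empty or unchanged will also appear.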
